Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
2
Replies

Migrating ASA configuration to a context

Julian Regel
Level 1
Level 1

‎05-23-2017 07:17 AM - edited ‎03-12-2019 02:24 AM

Hi

I have a Cisco ASA 5510 in single mode that is used for IPsec VPN site-to-site tunnels.

I would like to migrate the VPN tunnels onto a 5525X running in multiple context mode (i.e., create a new context and move the configuration onto it).

Does anyone have any suggestions on the best way to do this migration? I see that there is no ability in ASDM to backup the configuration on the 5510 and simply restore it into the context.

Thanks for any pointers!

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-23-2017 08:25 AM

Depending on the version of your ASA software running on the 5510 (i.e. if it is 8.2 or earlier), the configuration may look a good bit different on the 5525-X as that platform requires at least ASA 8.6 (and is recommended at something more like 9.4+).

Also the interface numbering is different in either case and several other bits from the 5510would not apply in a context configuration vs a basic non-multiple context mode. 

I would just extract the relevant bits (interface definitions, routes, ACLs, NAT rules, crypto maps and proposals, tunnel etc.) and recreate them manually on the 5525-X context.

If you're new to this, it might be in your best interest to contract with your local Cisco partner for a couple hours of professional services.

0 Helpful

johnlloyd_13
Level 9
Level 9

‎05-23-2017 05:39 PM

hi,

marvin is right! the ASA migration can be challenging and engaging a professional IT service would be wise if this is your first time.

the first thing i would check is the current 5510 image and planning/getting a 5525-x security context license (i.e. 5-, 10-, 20-security context). when you enable the 5525-x for multiple mode, you'll get 2 security context by default, excluding 'admin' context. also the IKE/crypto commands slightly changed in 8.4 code. issue a show version on both ASA to check the features it supports.

i also personally find CLI to be faster (and safer) when doing config migration vs ASDM which sometimes generates funny config and wanting to avoid any java issues. but that's just my preference.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card